Home / Vulnerability Intelligence / CVE-2026-32523

CVE-2026-32523 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: March 26, 2026

denishua WPJAM Basic - Unrestricted File Upload

Published: March 25, 2026Updated: March 26, 2026Remote Exploitable

Overview

denishua WPJAM Basic <= 6.9.2 contains an unrestricted file upload vulnerability caused by insufficient validation of uploaded file types, letting attackers upload malicious files, exploit requires ability to upload files.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 4.2%(Probability of exploitation in next 30 days)

Impact

Attackers can upload malicious files, potentially leading to remote code execution or site compromise.

Mitigation

Update to the latest version beyond 6.9.2.

References

https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-6-9-2-arbitrary-file-upload-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 27, 2026

🔴 CVE-2026-32523 - Critical (9.9) Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32523/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32523
Severity: Critical
CVSS Score: 9.9
Type: unrestricted_file_upload
Status: new
EPSS: 4.2%
Social Posts: 1

CWE

CWE-434

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

4.2%Probability of exploitation in the next 30 days